Parent

Class/Module Index [+]

Quicksearch

Rex::Parser::WapitiDocument

Public Instance Methods

end_element(name=nil) click to toggle source
# File lib/rex/parser/wapiti_nokogiri.rb, line 37
def end_element(name=nil)
        block = @block
        case name
        when "timestamp"
                @state[:timestamp] = @text.strip
                @text = nil
        when "url"
                @state[:url] = @text.strip
                @text = nil
        when "addr"
                @state[:host] = @text.strip
                @text = nil
        when "port"
                @state[:port] = @text.strip
                @text = nil
        when "parameter"
                @state[:parameter] = @text.strip
                @text = nil
        when "info"
                @state[:info] = @text.strip
                @text = nil
        when "bug"
                report_vuln
        end
end
report_vuln(&block) click to toggle source
# File lib/rex/parser/wapiti_nokogiri.rb, line 63
def report_vuln(&block)
        proto = @state[:url].split(":")[0]
        path = '/' + (@state[:url].split("/")[3..(@state[:url].split("/").length - 1)].join('/'))

        web_vuln_info = {}
        web_vuln_info[:web_site] = proto + "://" + @state[:host] + ":" + @state[:port]
        web_vuln_info[:path] = path
        web_vuln_info[:query] = @state[:url].split("?")[1]

        #if the URL contains the parameter found to be vulnerable, it is probably a GET
        #if it does not contains the parameter, it is probably a POST
        if @state[:url].index(@state[:parameter])
                web_vuln_info[:method] = "GET"
        else
                web_vuln_info[:method] = "POST"
        end

        @state[:parameter].split("&").each do |param|
                if param.index("%27") #apostrophe
                        web_vuln_info[:pname] = param.split('=')[0] #sql injection
                        break
                elsif param.index("alert")
                        web_vuln_info[:pname] = param.split('=')[0] #xss
                end
        end  

        web_vuln_info[:host] = @state[:host]
        web_vuln_info[:port] = @state[:port]
        web_vuln_info[:ssl] = (proto =~ /https/)
        web_vuln_info[:proof] = ""
        web_vuln_info[:risk] = ""
        web_vuln_info[:params] = @state[:parameter]
        web_vuln_info[:category] = "imported"
        web_vuln_info[:confidence] = 90
        web_vuln_info[:name] = @state[:info]

        db.emit(:web_vuln, web_vuln_info[:name], &block) if block
        vuln = db_report(:web_vuln, web_vuln_info)
end
start_element(name=nil,attrs=[]) click to toggle source
# File lib/rex/parser/wapiti_nokogiri.rb, line 10
def start_element(name=nil,attrs=[])
        attrs = normalize_attrs(attrs)
        block = @block
        @state[:current_tag][name] = true

        case name
        when "timestamp"
                @state[:has_text] = true
        when "url"
                @state[:has_text] = true
        when "addr"
                @state[:has_text] = true
        when "port"
                @state[:has_text] = true
        when "parameter"
                @state[:has_text] = true
        when "info"
                @state[:has_text] = true
        when "description"
                @state[:has_text] = true
        when "solution"
                @state[:has_text] = true
        when "title"
                @state[:has_text] = true
        end
end

[Validate]

Generated with the Darkfish Rdoc Generator 2.